Linus Torvalds Hasn't Yet Decided On "LOCKDOWN" Functionality For Linux 5.4

Written by Michael Larabel in Linux Kernel on 27 September 2019 at 03:10 PM EDT.
The Linux 5.4 kernel merge window is set to close this weekend and, as of writing, Linus Torvalds has yet to decide whether to accept the kernel "lockdown" feature for this release.

The Linux Lockdown functionality is about restricting access to the underlying hardware or features that could modify the running kernel image. Aimed particularly at security-conscious users and at applications like UEFI SecureBoot, this lockdown functionality is opt-in and really limits the bits that can be touched by the kernel. Among the limitations enforced in this lock-down mode are preventing hibernation support, blocking kernel module parameters that manipulate hardware settings, restricting access to CPU MSRs, blocking writes to /dev/mem even when root, and a variety of other safeguards.

The patches have gone through 40 rounds of review and previously didn't make it to the mainline kernel, though some distribution vendor kernels do carry the patches in various forms.

At the onset of the Linux 5.4 merge window, the latest lockdown pull request was sent in. Since then, it's been silent, until today, when some clarification finally came from Torvalds.

In response to longtime kernel developer Jiri Kosina of SUSE asking whether it would be merged or dropped for good, Torvalds provided some clarification. He says he intends to look through the work patch-by-patch but he hasn't yet had the time to do so.

We'll see if he has the time this weekend to decide on accepting lockdown or if it's something that he either is going to reject or defer until a later kernel.